Recover Encrypted Files From An Old Hard Drive

Jeff Hudgins removed the hard drive from a dying computer, and via USB plugged it into a new PC. But he can't access his files. They're encrypted.

I don't like Windows' Encrypted File System (EFS), and Jeff's story illustrates why. Although EFS provides what appears to be a convenient, completely transparent form of encryption, it can be trouble down the road.

EFS makes sense in a business, where IS professionals manage the computers and less savvy people use them. The users don't even have to know that their data is encrypted (or even what the word encrypted means). They log into Windows and they can access their files. But if someone else logs in, or boots from a live Linux CD, or removes the hard drive, the files are inaccessible. And should it be necessary, IS knows how to get back those files.

But in a home environment, as Jeff discovered, EFS is just asking for trouble down the road.

So what should you do? If the old PC can boot Windows and work at all, put the drive back in, boot it, and transfer the files from there.

If not, did you create and export the certificate needed to decrypt the files--and did you save the certificate to a safe place not on that hard drive? If you did, and if you can find the certificate, you can access the files--even from another computer (assuming the computer is running Windows).

To do so, click Start (Start>Run in XP), type certmgr.msc and press ENTER. This opens the Certificate Manager. Click the Personal folder in the left pane. Then, from the menu, select Action>All Tasks>Import and follow the Certificate Import Wizard.

But if the old PC is utterly useless, you don't have a certificate, and you don't have an unencrypted backup, those files are gone. You can Google decrypt efs without certificate, but I doubt you'll find a solution that works.

You may have noticed that I didn't provide instructions for creating and exporting a certificate. That's because, if you're using EFS, I have better advice:

Stop using EFS. Instead, switch to TrueCrypt. It's free, open-source, and dependable. No matter what computer you're using it on, if you have the password, you can get in. Without the password, you never will.